Project

General

Profile

Actions

Bug #465

closed

Description input validation too strict

Added by Chris Buechler over 11 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
04/01/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

The input validation on description fields in firewall rules at a minimum, possibly elsewhere, is too strict. The default LAN description in 1.2.x isn't allowed, "Default LAN > any". I see it's changed to remove that default, but we cannot make rules on countless thousands of systems uneditable after they upgrade, that has to be changed back to allow ">".

Actions #1

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback

We can encode all description fields with base64 so no problems should arise.

Agreed?

Actions #2

Updated by Jim Pingle over 11 years ago

That may be too harsh. Having those descriptions be readable in the config.xml is a large benefit, IMHO.

Actions #3

Updated by Erik Fonnesbeck over 11 years ago

It also might work to encode the characters using HTML and depend on the web browser to decode the text, instead of having to add code for decoding it before sending it out to the browser.

Actions #4

Updated by Seth Mos over 11 years ago

  • Status changed from Feedback to Resolved

stripping the < character before comparison works here. Confirmed that it still triggers on <

Actions

Also available in: Atom PDF